Bug 2425008 (CVE-2023-54056) - CVE-2023-54056 kernel: kheaders: Use array declaration instead of char
Summary: CVE-2023-54056 kernel: kheaders: Use array declaration instead of char
Keywords:
Status: NEW
Alias: CVE-2023-54056
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-12-24 13:01 UTC by OSIDB Bzimport
Modified: 2025-12-25 09:24 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-12-24 13:01:34 UTC 
In the Linux kernel, the following vulnerability has been resolved:

kheaders: Use array declaration instead of char

Under CONFIG_FORTIFY_SOURCE, memcpy() will check the size of destination
and source buffers. Defining kernel_headers_data as "char" would trip
this check. Since these addresses are treated as byte arrays, define
them as arrays (as done everywhere else).

This was seen with:

  $ cat /sys/kernel/kheaders.tar.xz >> /dev/null

  detected buffer overflow in memcpy
  kernel BUG at lib/string_helpers.c:1027!
  ...
  RIP: 0010:fortify_panic+0xf/0x20
  [...]
  Call Trace:
   <TASK>
   ikheaders_read+0x45/0x50 [kheaders]
   kernfs_fop_read_iter+0x1a4/0x2f0
  ...
Comment 1 Alexander B 2025-12-25 09:20:18 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122426-CVE-2023-54056-fd56@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.